Posted
by
Hemos
on Monday September 13, 2004 @01:39PM
from the how-to-fight-it dept.

An anonymous reader writes "The author of the Echelon decided to take his fight against software piracy to the next level and then threw in the towel. After someone began posting new serial numbers on a well known hacking site, the author took matters into his own hands. With version 1.0, entering a hacked serial number causes the software deleted the user's Home directory. Yes, you read it right, the software completely erases it (aka rm -rf ~). A variety of people have voiced some somestrongopinions on this. While some argue that piracy is good for established companies, a few large companies are battling piracy and having limited success. Small, independent developers, however, are recognisingthisisaserious problem and are generally stumped by what to do about it."

My textbook "Exploiting Software" suggests that if you are able to overwrite the interrupt vector, you should do something malicious when a breakpoint is hit, like erase the disk. That should keep people from fucking with the internals of your program for a while. I see about 30 ways to get around this, but m0r0n h4c13r software cracker might not.

That really sucks. The only pirated software I have is stuff that I actually own but would rather have a version that doesn't require the CD or something I own that the CD was damaged & I refused to pay $10 or whatever for a new CD. I have the license keys to back them up. If a pirated copy deleted my important calls you can bet I would be on the phone with support for hours until they restored all of my data they messed up.

>If a pirated copy deleted my important calls you can bet I would be on the phone with support for hours until they restored all of my data they messed up.

Almost modded this funny, then I realized you weren't try to be funny. Anyone who does this isn't going to have a support number, and isn't going to put up with your BS if they do. Clearly they don't care about customer satisfaction if they're wiping home directories. What makes you think they'll be able to recover your rm -rf ~ better than you can anyway?

If you can show the expense on the credit card bill, it shouldn't be hard to contact the software vendor and get a new key. Going to a site to get a hacked key is not only illegal, it's lazy and pointless, if you actually paid for it. If you're not savvy enough to have a copy of the serial number somewhere, does that mean the vendor should just say "oh, okay, use a hacked key"? How, exactly is he supposed to know that you bought the software but were too lazy to ask for a replacement key?

This actually isn't a new idea. I remember an early version of Lotus 1-2-3 (for DOS) that did something like this. If the program thought it had been pirated, it deleted its main.exe files. This forced you to have to re-install it (assuming you were the legal owner), but didn't damage any of your data or other programs.

At the time, they weren't using serial numbers as copy control. The floppy had some kind of copy protection on it (a "diskcopy" wouldn't work), and it wrote some files in the install directory that were marked system and read-only. You couldn't touch these files. If they got moved by a defrag program (for example), the program would zap itself. (I found that out the hard way. It was not mentioned anywhere in the manual.)

Doing this is probably the only legally defendable kind of destructive copy-protection. If the user pirates your software, he has done something illegal. That does not give you the right to do something illegal back to him. If he has no right to run your software in the first place, then there's nothing wrong with your software deleting itself, since he shouldn't have it in the first place.

As with my example above, when implementing destructive copy-protection, you must be very careful to make sure it won't backfire on legitimate users. I did own a legal copy of Lotus 1-2-3, which I had installed from the original disks. I didn't know that allowing the file to be moved by my defragger would cause the program to think it was pirated. Suppose Lotus had decided to delete my data files (no "home directory" on DOS) instead of just the 123 program? Then I would have lost my data even though I was a legitimate owner of the program and I was doing nothing wrong, according to the software manual. As it was, instead of losing my data, I only lost about half an hour of time performing a re-install.

Doing this is probably the only legally defendable kind of destructive copy-protection.

Actually, there is no legally defendible copy protection of any sort. A pretty important nit to pick, really. The DMCA itself should actually be declared unconstitutional, because it is.

You see, copy-protection violates the sacred arrangement that copyright represents: it prevents the software from entering the public domain upon expiration.

The DMCA should be declared unconstitutional for this reason exactly, because it protects a method that is used to prevent copyrighted materials from being copied without the owner's permission, more or less indefinitely. Copyright is supposed to expire, and unless your copyprotection accounts for it, you're in violation.

I'm still very much in favor of revoking copyright for people who use copy protection on their stuff and immediately forcing it into the public domain. So it should be legal to break the copy protection. If you want protection from the law, honor your end of the bargain and place the work into the public domain upon expiration of the copyright. If you don't want protection from the law, then go ahead and use copy protection. but don't whine about piracy, you had your choice.

Data Bombs and similar devices may not be the most effective detterants, but with all the brainpower behind the open source movement, there has to be something that can help closed source projects keep security intact without resorting to mass-lawsuit ventures. Without adequate protection, cracks come out within days, if not hours, and ISO's are released as soon as the CD's hit the market.

What, excatly speaking, does open source movement have to do with piracy ? Open source is all about making the source code of the program available to the end user; it has nothing whatsoever to do with removing copy protection from closed-source programs.

Furthermore, all the various stupid copy protections do is make cracks sometimes an absolutely neccessary part in getting the program to run. For example, the (legally bought) game Morrowind kept crashing on my machine at startup because of copy protection check; applying the no-cd crack solved the problem completely. Copy protection does not slow pirates in any significant way, it simply annoys legal users.

And deleting the users home directory simply ensures that no one will buy your products out of fear of them deleting their directories because of typos when entering serials or programming errors.

How can that go to far, you do read those EULA don't you ? I'm sure its written in there somewhere.. Maybe if more software developers did this, there would be a nasty lawsuit. Then, maybe, just maybe, EULA's would finaly get a chance to fail in court, and that would really shake shit up....

Is clearing the Home directory much worse than inserting files into the network stack, creating Viral software that is almost impossible to remove, and that reinstalls itself when it detects part of it was removed?

At first glance, you might think, "Yeah! Serves 'em right! Delete their home dir!" The thing is, it's akin to setting up a trap in your car or home for burglars that hurts or kills them (although deleting ~user shouldn't be physically harmful, at least directly). In short, going on the offensive in an equally or more sinister way doesn't always make it the right thing to do.

"You'd actually be able to sleep at night knowing you killed some poor drug addict who was strung out looking for a little cash for his latest fix"

Your emphasis is on the wrong guilty party there fella. While it is illegal to set traps to injure or kill people, no one MAKES junkies break into houses. If I did trap my place, I would sleep very well knowing they killed THEMSELVES.

Why is it harsh? If you crack the software, you pay the consequences. You're not owed anything at that point. As far as ethics is concerned, the app could do anything it wanted.

Warez is a result of this lame sense of entitlement that today's computer users have. Arguing piracy is "good" for companies doesn't matter--it's not provable, but more importantly you don't have the permission from the copyright owners to do it. Pirates are just freeloaders who get bitter when the free ride is taken away.

Well, to begin with, it's completely unreasonable, as the amount of damage is pretty much random. A *long* time ago, the idea of "eye for an eye" was established as reasonable punishment. Yes, reasonable, since before people would do things like "You break my arm, I set your house fire with your family inside". Eye for an eye set a reasonable upper bound which wasn't that bad in those times. Trying to go back to before that by this kind of completely unreasonable revenge is ridiculous.

Besides that you have a legal problem. I'm fairly sure that somebody could argue that even though they caused you a $100 of loss (or whatever it costs), the nuked home directory caused $10K of loss. That kind of thing could turn out *really* ugly.

Okay, so the person didn't have permission to use the software. I can certainly understand the urge to do something like this.

However, consider the consequences. The publisher could get sued. Sure, he probably will (might?) win, but it costs money to defend. Oops, there goes more profit. The publisher loses goodwill (hard to define-but not all publicity is good publicity....). Oh, and maybe the publisher gets hacked/cracked by someone he has pissed off (people pirating software may not have the strongest morals/ethics/logic but some may be good at computers). Oops. There goes more profit.

In short, I see a lot of downside and little upside. And I sure as heck wouldn't want to use a product as a LEGITIMATE user if I knew it was designed to screw up my system (even if only for illegitimate users).

I'd gladly admit to one count of copyright voilation and pay my dues if I could at the same time prove he deleted a million or two dollars worth of IP from my account.

Then on top of it, toss in any/all new malware and trojan horse laws at him, add a pinch of whatever they are calling 'cyber terrorism' nowadays, mix, stir, sit back and laugh all the way to the bank.

Worst part for the author about this, his software is 'out there'. It's not something he can easily take back.One could spend a few months cleaning up any piracy connections they have, building/collecting this few million dollars in ligit IP, and install his software knowing what will happen. Its alot harder to prove someone isnt stupid than it is to prove this software author intended for his program to do this.

About the only recourse is posting a warning on his site that whichever version this is is seriously broken and will (read; WILL) cause damage to your system.I'm sure there are even courts that will not look favourably at that, based fully on his intent.

Dude seriously needs some perspective.It may feel good to pump 12 rounds into an unarmed tresspasser, but comon...

"Little college dorm room kiddies will just come along and download it and then run to boards like Slashdot and justify it as "free advertising." "

Whats funny is you mention this in the terms of being a musician.

I have worked on a number of music software applications over the last few years from anything from being a beta tester to designing the GUI for guys that have a great product, but a shitty interface.

And this is this same exact arguement used everywhere -- its just free advertisement. Or if I use it to make money, I'll pay for it. Or I'm just a little guy, and the pros should have to pay since I haven't had my first hit yet.

In this area, I've *NEVER* seen a pro pay for professional music software...if you are making money off of it, you will more than likely get it given to you for free. Hell, I haven't paid for 90% of the software I've been given -- and most of it sits in its box on the shelf as the software I *USE* is almost the inverse of this (for some reason, I'm more likely to use the stuff I pay for -- it has real value to me).

But the thinking goes, being a paid musician is like winning a spot on a basketball team -- there are only so many spots opening a year, and most likely its not going to be you. So the software is given to the professionals to advertise to the little guys...I don't know how many times folks will come to my studio and ask what I'm using, only to run out and buy it thinking that it means they can leave me outta the mix, so to speak...only to realize you can't buy talent out of a box -- it comes from years of hard work.

So honestly, the software is sold entirely to the guys that can't make a buck and most likely will never make a buck. Great guys -- and a lot with real talent, but really don't want to do anything but play on weekends with a bunch of friends.

Anywho, the companies advertise as they feel like advertising and need no help from anyone else. I wish there was a decent way to prevent piracy but the folks that want everyone elses hardwork without doing anything for it want to be rebels. Its like the fuckwad kids that think stealing their instruments make them an authentic punk band even though they are from the suburbs.

I love free software and have contributed to some of it -- in my day job we give away several packages I've solely designed and developed, but all in all, folks need to respect the opinion of those that provided the software...even if there were no laws preventing the copying of software or music or whatever, you'd think folks would have the decency to understand that if someone creates something they should have the ultimate say on how its used. If ya don't like that, you are free to develop your own...its not like the ideas are that hard to come up with, and an army of OSS programmers should be able to replicate anything who can give their software away under the ideals they wish it to be released...

"If you crack the software, you pay the consequences. You're not owed anything at that point. As far as ethics is concerned, the app could do anything it wanted."

Your software *thinks* I pirated it, ergo it can do anything it wants and get away with it? Nuh uh. What happens when a pirate releases a keygenned key that happens to match mine? What happens when I hit a bug in the key verification code? What happens when a cosmic ray flips a bit in the relevent code and a FALSE turns into TRUE?

"id Software lost over a million dollars to record-breaking piracy the weekend before Doom 3's release"

Says who? Based on what evidence? I pirated it, saw that it sucked, and then did exactly what I would have done anyway; I didn't buy it. Did they lose $60 on me anyway? Maybe they would have if I'd cancelled my preorder based on that, but then I'm just using my increased knowledge of the products available to spend my money more wisely. Is that still a bad thing? Maybe for Id, but not for me, and I don't think for the market either; mindless shooters with crappy atmosphere and insanely repetetive gameplay should not a blockbuster make.

"As more and more people pirate the fuck out of everything, the system will eventually completely crumble, and nobody will be able to make a living off of any software."

Kindly provide statistics and sources that show more and more people are pirating software, and that as a result the amount of purchased software is going down. Or are you just assuming that's what's happening?

I think even deleting system programs is way too far. Suppose you have a user (an eye dee ten tee) who has his only copy of his master's thesis in his home directory... you can imagine what happens next. You can make the argument that he deserved it, but it doesn't justify wiping out his thesis.

If the program instead followed your suggestion (never minding the permission issues - it would have to be run as root) and deleted system software, what would happen if the program was run on a production server? Sure, it really ticks off the user, but a lot of things on the server for all users would grind to a halt until the deleted files are replaced. You just can't justify doing something this drastic.

What's the point? The user's system is vandalized without reason. The loss of revenue does not equate to the destruction of the user's data. There is always the possibility that the user mistyped the serial number, or has a legitimate serial number which has unwittingly fallen into a pirate's hands.

What ever happened to just not working when a bad S/N is entered? Not producing garbage output or destroying files, but just not working. If you're going to take the approach of pissing off the user, where's the justification in vandalizing the system to do it? Unless the programmer is trying to invite up-close-and-personal criticism.

Or even a known-pirate S/N that the installer used because they left the legitimate number lying on a notepad on their desk at home, and need to get system at a remote site up and running now?

Back in the Windows 98 days, I found myself in the position more than once of having left the OS box with serial number at home, so I'd have to Google (well, AltaVista) for one of the popular warez versions so I could finish an install and go home. Note that I was not pirating anything; I had the legal right to install one copy of the OS, and I installed only one copy.

So now I'm visiting my mom's city on a long weekend, and helping my sister install Echelon so that she can burn copies of her vacation video. Dang, the legit serial number is sitting in my mailspool behind a ridiculously paranoid firewall 500 miles away. I know - I'll just grab a S/N from the 'net to get her system going until I get home. Oops, sorry 'bout that, sis! Hope you had backups!

Justify it all you want, it is still illegal. You have a serial number, misplacing it does not give you the right to use someone else's.

No, it's not. It may be against your particular Terms Of Service, but it's not illegal. First off, I can't imagine any software company in the world that would object to this as long as you stick to the correct number of seats / connections / whatever. Second, try explaining that to the judge:

Them: "Your Honor, the defendant paid $39.95 to buy this sequence of digits that would allow him to use our software, but he really used that sequence."
Judge: "And he using features that he wasn't entitled to, under the terms of the correct sequence?"
Them: "No."
Judge: "Oh. So, then he sold the 'legitimate' sequence while still using the one he downloaded from Google?"
Them: "No, Your Honor. The thieving pirate went home, printed out the legitimate sequence, mailed it to the customer whose machine he illegally installed our software on, then deleted it."
Judge: "Are you on crack, or does this really make sense to you?"

I realize that doing something like this may make the developer feel better, but it accomplishes absolutely nothing other than petty revenge.

The purpose of anti-piracy measures is, presumably, to reduce piracy. When you decide you're going to take revenge on anyone who pirates, all you are going to do is drive away people who might otherwise pay for the software. Nobody says "gee that guy wiped out my hard drive. I should pay for the software I stole from him." Would you do it if you were in that position?

The pirates will continue to pirate, while finding a way to make the program work without permissions to do anything harmful. The innocent user who enters the activation key incorrectly will likely be harmed by this. And the developer will lose future business, and rightly so. And if serious damage were caused, they will face a lawsuit.

If there are any developers out there thinking about doing something stupid like this, please reconsider. It will not help you in any way; it will only hurt you. I for one will never install software that has provisions to wipe out my home directory. What if it does so by mistake?

The funny thing is, this has gotten to point where the only "vendors" of shareware you can trust was essentially warez-sites, as the crackers compete in removing all the spyware, nackware, crippleware, and other attached diseases.

When you download something of the official site, it will not work, spy on you, advertise random crap and now delete you home directory; but if you download it from a warez site, it is clean and functional. This counts even for software bought in shops, like Windows XP, which doesnt require "activation" in the cracked versions.

It's not common, but when I lose my key to a software product I have paid for, I don't bother with the (sometimes) huge hassle of trying to get it again. Over the past 7-8 years I'm sure I've registered many different software packages with many different email addresses so I usually have no idea what one goes with what software package.

I am in no way stealing. This guy is out of line. Removing the home directory of a user is ridiculous. Just delete the f'en product directory.

I have spent hours learning to hack websites, applications and databases, I'm not great, but I found the process of learning fun.
I don't think you can dissuade people from cracking your apps by making it hard work, the harder it is, the more credibility you get in cracking circles.

The thing that gets to me is that coders and packagers can spend so long trying to lock up their apps that they spend time on that which could be spent debugging or advertising, fundraising for the next version or putting eye candy in the app so that the people who actually pay for software will find it attractive and pay for it because it looks professional.

And what happens when a bit error causes a JNE (Jump Not Equal) to become a JE (Jump Equal), and the correct information leads to your data being erased? All these checks are great, but it all really comes down to:

if status=valid,
run normallyelse
delete all filesend if

If the stupid program can tell when a fake number is entered, it should simply refuse to run.

That's the thing though...."extra sales" ? There will be none. No one is going to say "well, it deleted my home dir...maybe I'll buy it!" This is pure retribution...plain and simple. Very short sighted, IMHO.

I guess FADE is something comparable. But it didn't get out of the realm of the game (Operation Flashpoint in this case), but simply degraded controls and ammunition inside the game. It proved not to hold long (as any protection), but I think it enouraged some people to buy the game they liked.

I'd like to add that back when I was using windows, the first program that I ran into this with, bulletproof ftp, was actually able to detect a keygen'd serial number. It displayed a nasty message in the bpftp program and then opened up IE and took me to the ordering page on the bpftp site.

I was impressed. I was maybe 16, and I wasn't necessarily using keygens because I hated companies or wanted to be malignant, I just had no money. This was the first program that had been able to detect a keygen'd serial. So, I actually bought a license for bpftp... (it was cheap anyway).

Maybe I'm the only one who feels this way, but I had to hand it to 'em. It's a respect thing, I guess.

Or maybe it was just adolescent "logic" running through my head. Nowadays it seems kind of dumb. Oh well, thank god I don't use windows anymore.

How illegal would it to be to have systems with pirated serial numbers produce trashed output files? If the Echelon developer was really cruel, the Mpegs could be good for a few megabytes, so the preview would be okay (along with a quick check of the video).

I admit that deleting the root directory is too far and I would agree encrypting somebody's files but surely a program using a pirated serial number could not be expected to work properly?

Deleting a user's home directory is a bad idea. It's not portable. How about those poor folks running Windows 9x. They don't have proper home directories. Even the ones in WinXP are half-baked.
You'd have to build in a routine that'll erase the C:\ drive for those poor saps.

Yeh, the most that would happen to me if they delete my PC's home directory is my settings, bookmarks, and a few other minor things. At most, I might need to perform a repair on SOME installs to get an app working correctly.

But I don't store anything in "My Documents," "My Pictures," or the like. Sure, some games default their saved games there, but boo hoo.

My Powerbook on the other hand, I'd have to kill someone. Seriously, I'd wring their little necks.

First, at least he didn't start emailing parts of the user's mailspool to address book entries!

I always thought it was kind of ironic when the small people back the groups like SPA / BSA. Those "industry" groups represent those who fund them, and AFAIK will do nothing for the little guy. They are funded by the big players.

There have been a few other similiar cases. I believe one of the popular Windows CD recording packages would burn garbage CDs if you entered the wrong serial number, or entered one of the popular serial numbers found on google.

I too have been stung by rampant piracy, however I would never do what these authors did for fear of the potential legal and ethical problems it could cause to knowingly sabotage someone's system. In my case the software in question is Net Weasel, a small HTML editor that has had millions of downloads, has several thousand active users bugging me for support and zero registrations (that's right, not a single person willing to pony up any money). Yet people still email me claiming to have a legitimate copy and demanding that I fix bugs or release a new version. As it happens I do have an updated version I use myself and I'm working on a 2.0, but until I come up with a way to stop people from writing cracks its just not worth my time to release. I'm already compressing and encrypting the executable, there's a point when the copy protection gets to be a bigger project then the application itself.

Have you ever considered that perhaps you're charging too much for your software? Also, if people are flooding you with support requests for shareware, there is a good chance that they won't actually plop down $$$ for the software until it works as advertised. No matter how much work you put into your anti-piracy system, people won't pay for crap.

I don't want to sound too harsh here, but if you take a hostile view of your customers, they will respond in kind. This might be a good opportunity to step back and see if there is anything you could be doing differently to make your product more buyable in the eyes of your consumers.

I think that illustrates the point the other poster was trying to make. If there are thousands of people using the software, and many asking for support, then I can't see how directing them to a website that explains how one gets support (by buying the product) would be so difficult.

It's got to be pay to work, because the scarcity properties of digital artifacts and our understanding of economics makes paying a hefty

there are gobs of DVD authoring apps out there, Most in the $199-$399 price range with the most expensive beign Scenerist at $30K+ All the cheap DVD authoring apps suck and make you do their "templates" that all look cheezy and crappy. So DVD authoring apps are pirated by most Indie and enthusiast movie makers.

A year ago I found DVDlab, something with almost as much power as Scenarist and it costs $99.00.

out of the 20 or so Indoe film Makers that had pirated versions of other DVD authoring apps, all but 3 of them have bought DVDlab.

why?

because it's affordable.

software price is the #1 cause of piracy. why the hell pirate something when it's easier and cheaper to simply buy it?

Most people are suspicious of software today. they are used to spending big $$$ for utter crap that only barely does what is promised. (Final Draft for example!) They are tired of being extored at every turn and paying huge $$$ to some guy that thinks being a programmer is worth more per hour than the engineers making high end bikes and other physical items that they know they own.

I find it hard to believe that nobody has bought your software with millions of downloads. I find that a really good program gets about a 1% (ouch) download/purchase rate.

I'm working on designing my site so that the keys are available on a web-based DB. Do an MD5 on the key, and match hashes with with the one on-line at program startup. No match, no save capability. Too many people going for one key? Disable that key.

Have the program run OK if it fails once or twice in a row, but the third time, the program dies until it can check its key.

People may still be able to crack your software (No real defense against people rewriting your program...), but keygens and re-used keys become a rarity.

First off I am dumbfounded that you have not sold a single copy of your software:( It looks really nice though and I'm sure if I had a need for an HTML editor I would consider your software!

But I believe we already have some glowing examples of effective anti-piracy measures:

#1) Counter-strike. The video game. Yes, Valve's CD-KEY system actually works here because in order to play the game you have to connect to a server. To be able to connect to a server your CDKEY has to match one of the keys in their

Well, I just took a look at Net Weasel. It looks to me as if you've made a few fairly basic mistakes from the marketing perspective, so let me try and come up with some helpful comments as to why you're not getting the response you're looking for.

1. Firstly, as far as I can tell your product is an HTML editor with no CSS support. Well, these days that's like trying to sell a graphics editor that doesn't do PNG, or an e-mail program that doesn't handle attachments. Even people who don't want to do their entire site design in CSS still want to be able to do the neat stuff you can only do with CSS.

2. Related to the above, HTML standards have changed a bit in the last 5 years, and you haven't kept up to date by the looks of things. Not valid XHTML, no DTD statement, and so on.

3. You've chosen a field where there is massive amounts of competition, and that's never a good way to make money. Everyone and his dog has made a simple text editor that handles HTML and makes it a bit easier. So, even if you had the best HTML editor in the world, I still wouldn't expect you to be raking in big bucks, because you'd be up against at least half a dozen big companies with big advertising dollars, shelf space in every Best Buy, and major mindshare.

4. Think about who your target market is. You're not going to stand a chance of cracking the pro web designer market with the product you have; pro web designers need CSS, template libraries, DTD validation, image slicing, applet and plugin integration, and so on. At the opposite end, you're not going to get the Joe Sixpack market either, because they'll see raw HTML and recoil in horror. So, you're going after what I'll call the "dabbler" market--people who've learned a bit of HTML for fun and want to build a small personal web site. That's a pretty small niche to be in.

5. You don't have enough differentiation from the free offerings for that niche, in my view. Every half-decent free text editor can edit HTML with syntax coloring, and usually validate it and generate IMG tags too. You clearly know what your differentiators are, which is good: they're the table editor, the form editor and the frameset editor, and maybe the font dialog if it supported CSS, which it doesn't. Trouble is, dabblers generally don't need forms or tabular data--they use tables for layout, which it doesn't look as if your table editor is suitable for. They sometimes use framesets, but most of them know by now that frames suck. So, what can your product do that makes it an essential $20 upgrade from vim or jEdit? Nothing as far as I can see, and...

I don't honestly think that you can hope to make money in the market you're currently aiming at. To do so, you'd have to fix all the defects and shortcomings, and then come up with some "killer app" functionality to beat Mozilla Composer, jEdit and the rest.

So you'd have to get up to date with the standards, and support XHTML and CSS. Then you'd need to add all the other features the free text editors have that people just expect these days, like file browsers, folding, abbreviations/macros, regexp search and replace, autosave, bracket/tag matching, multiple cut/paste buffers, and spelling correction. And then, you'd need to add more compelling features, like a graphical color selector with tools to help users pick complementary colors, and something to search and replace across multiple pages.

That's a hell of a lot of work for a product which, realistically, people would still only pay $20 or $30 for. If I were you, I'd cut your losses and write software that does something nobody else has done yet, or nobody has done cheaply, or nobody else has done well.

Not about piracy, but about your program. I think the reason you aren't seeing registrations is because you've made a pretty much unmarketable product. Now I'm not going to go and extinsevly play with it, but it looks to me like a bit of a glorified text editor. Looks like you've added some things like syntax highlighting, a couple wizards for building tables n' such and, well, that's about it.

Ok, well that's nice. That is certianly more HTML related features than notepad, and even a bit more than my beloved UltraEdit. However, you still face the same problem: You have released a text editor. It has a couple nice features, but it's just a text editor in the end.

Well, that's the kind of thing that most people will take for free, but just aren't willing to pay for. I mean there are some nice features over a basic one, but I have a feeling if you made copying impossible, most people would just do without.

You aren't asking a lot, but then again, you don't give a lot. I mean your HTML wizards for tables and frames seem unique but, really, those aren't that useful. Your editor also lacks most of the advanced features that Ultraedit (slightly more expensive than you) or Textpad (slightly cheaper than you) have.

Finally, your stuff is out of date. Tables and frames are NOT the recommend way for doing layout anymore, layers are. If I was going to get an editor that could help me do something in HTML, layers would be my top choice.

So, what you need to do, if making money is your goal, is do something to make your editor more worth buying. Here are some directions you could take:

1) Go the text editor route. Flush it out with support for huge files, hex editing, regular expressions, alternate encoding, macron, etc. Make it a full featured text editor to comete with Ultraedit, but add something more, like your HTML wizards.

2) Go the wizards route, but have them for EVERYTHING. You list like 3 wizards (form, tables, frames). K, nice start, but you need to add a whole lot more. Layers, style sheets, DHTML, JavaScript, etc. Make it so that the wizards can more or less write anything for you.

3) Go the visual route. Try and make something like Fireworks, only probably less featured (And also less espensive). Something for those that want the pointy-clicky but can't afford a Macromedia product.

However where you are now, I'm not supprised that you aren't getting sales. Your product is nice, and maybe something I'd use for free, but I don't see that I'd want to pay for it, espically not instaead of Ultraedit or Textpad.

Not trying to justify the copying, just trying to explain it and give you some ideas.

Also, the whole OSS/GPL push doesn't help. People are becomming trained that little programs that are downloadable ought to be no cost. Software in a box costs money, not software on the web.

Also, don't feel like no one ever buys things like this. The University of Arizona has a site license for Textpad. People do buy text editors, but you need to find an angle that someone doesn't ahve, or do it better than someone is doing it now.

No. Party one didn't necessarily steal the software. Perhaps Party One merely made a typo in the registration screen - a typo for which he'd like the program to tell him it's wrong and let him type it again.

The problem with automated anti-piracy smack-downs like this is that they are going to register false positives. Like when the MPAA assumed that seeing a file by the name of "one.mpg" meant that the file must be the song "One" by Metallica, and that it must be a song for which you don't own the legal

If anyone lost any critical data due to this 'feature', there could be serious consequences. I'm not sure if rm -rf ~ on OSX makes the files unrecoverable, but the author ought to be liable to pay to recover the data.

In fact, simply writing the software may have been illegal.

If someone steals some CDs from you, you don't have the right to burn their house down.

And, as a matter of fact the software in question may have been violating the GPL. It was basically a front-end to FFMPEG, which is GPL'd, and it may have come bundled with it.

So basically the guy wrote an easy to use front end to some free software, and then trashed people's work when he stopped getting money from it.

Way back when it was in about version 2.something I sent money to the writer of ez-cd extractor. Back then it was (although it may still be) one of the easiest *high quality* rippers around. Last I looked it was up to about version 7.3 or so. Now, in that time I have moved two or three times (email, I mean) so I sometimes have a hard time remember which address to use to request the latest reg code - and EVERY new version lately needs a new reg code. Mostly this resulted in me not worrying about it (there a

I'm a professional software developer myself and while the software I work on isn't piracy prone, I'd never go this far.
Disable your own software, do bad encodes, draw goatse/tubgirl images on the encodings, but dont, DONT mess with files that doesn't belong to your program.

This is just plain immature, not to mention very wrong.
And yes, it seems like the author already removed it, but putting it there in the first place is bad.

I have some mixed feelings about piracy. I believe that, at the core, software piracy is morally reprehensible (sorry about using the term piracy for those of you that quibble about that, but it is the term used in the summary).

As a software developer, I feel that I ought to get paid for the work I do. I do work for a company that pays me to develop, so it's really their responsibility to make sure their software isn't pirated (if they want to protect their business).

Nevertheless, I feel that piracy can be benefically to any company, regardless of size. I think that it may even help smaller companies more than larger companies, because piracy may be the vehicle in which a particual software package becomes very popular. However, one has to realize that 100% of software can't be pirated, otherwise nobody would develop anything meaningful (excepting the free software movement, but that's something pretty special [and I do wholeheartedly support it, even with LOC when I can]--I am speaking in a manner of business). Like most things in economics, it probably requires the right critical mass (you need to have the right number/ratio of people buying your software to make you profitable, but you need to have a certian number/ratio of people pirating it to make it popular).

I never think that software should ever use measures that destroy your property (digital or otherwise) as a means to prevent piracy. I am glad that the author of the software mentioned above took out the folder deleting technique--I cannot believe he did that in the first place.

Back in the days when we were cracking Commodore 64 games, I remember there was one game that did something similar.

The game floppy had its write-protect notch covered, as with most commercial software. We played around with the disk, changed some things, and then tried to run the game.

It turns out that the very first thing the program did was to attempt to format the floppy disk!! Of course, for most users nothing happened, because of the write-protect tab. But we had to go back to the store to get another copy. (First thing we did after that was to take out the format command.)

I'm a big supporter of free software, and am totally against software piracy. A contradiction? No SIR!

Free software depends on adherence by users to an agreement with the developers not to illegally use the software in a proprietary manner. If we expect people to abide by free software licenses, we have to abide by commercial software licenses too.

In my opinion, the only thing he did wrong was to not put a clause into his license that when the user clicks on it specifically authorizes the code to delete the home directory if it chooses to.

Stop stealing music, software, etc. while at the same time expecting free software to remain free. It's hypocrisy.

No matter if they killed your dog first, if you kill theirs back in revenge you'll just as culpable as they are.

On the other hand, I can understand the difficult situation of small companies defending theirselves (we've also had to deal with similar situations lately).

I just don't accept this course of action. It just doesn't make him any different. Acting like this just proves his ignorance and inability to come up with a suitable defense (has not to be perfect, just enough to generate some reasonable income).

Anti-piracy sabotoge has been around for a long time - it dates back to the days of some manufacturers using 5.25 inch floppies that included an unused disk track containing sandpaper - attempting to copy the master disk would result in moving the floppy read head over the sandpaper covered track, thus destroying it.

This was stopped for probably the same reasons as discussed in the home security thread regarding booby traps. Destroying somebody's PC is illegal, even if they are making illegal copies of your software. Besides, what if they were using somebody else's PC to do it? And who would want to purchase a product that could destroy your PC if you make a mistake? Kind of like purchasing a car with a built in self-destruct as an anti-theft device. God help you if it malfunctions.

Pirates *aren't* your customer base. They don't buy software. They may use your program without paying, but they aren't a lost sale.

Spending time trying to convert them into customers is completely wasted. Stop them from using your program with a perfect protection scheme, and all they'll do is use a different program.

Do it in a rediculous manner like this joker, and all you're going to do is drive away your legitimate customers. I wouldn't pay for this thing in a million years. Who knows what crap this thing could pull in the future? All it takes is one bug, and suddenly it thinks legit users are pirates...

This stunt he pulled has caused far more loss of sales for him than any software piracy.

Anyone remember Jeff Arnold's CDRWIN program? His program was popular years ago for its ability to copy Playstation games. As his program became popular target for pirates, he implemented something similar. But as I recall, the user outrage was enormous, and he had to remove the new "feature". Even then, people didn't trust his software for a long time afterwards.

...you do what makes sense. You put locks on the doors. You put wooden dowels in your sliding patio door and windows if you are going on vacation. But you can't rig your locks to blow someone up if they attempt to break in your house. That's insanity.

There's only so much you can (and should) do with software. Even the boys in Redmond have a line item to deal with lost sales due to hacked code - it's simply a fact of life that not everyone is going to be a paying customer; it's a cost of doing business.

Seriously. It's much easier to pirate some games than to buy it. The amount of inconvenience involved in running the legal product is sometimes quite amazing.

For example, recently I bought Neverwinter Nights and both expansions. Previoulsly I had the pirated NWN, but of course I couldn't play online with it. So after I found I in fact like it, I bought two copies of NWN + SoU, and then a HotU one too.

Installing it on Linux was a bit unintuitive, but I can live with that. Next problem was that the font of the CD key was illegible, and "A", "R", and "O", "D" and "0" look the same. Just great, with a pirated CD it installs directly, and with the legal one I need to spend 15 minutes trying to figure out which is the right key. And what if I happen to find another valid one, but which is not mine?

For the SoU expansion, Bioware forgot to include some background music. The sad thing about this is that the pirate copy of SoU probably comes with the sound files on the CD, or at least it's something that could be easily done.

Then there are some games in which copy protection goes to ridiculous levels, like installing special drivers. I *hate* this kind of crap, which is almost all the games I play are on Linux, where this stuff hopefully will never become common.

I wonder if there was a warning. If BEFORE prompting user for a serial number there is a BIG RED warning stating that entering a "stolen" serial number will DELETE ALL YOUR DATA, then may be, just may be, I can see this as a legitimate, if boneheaded method. Of course if it were me, I'd cancel the installation and put this guy on a mental blacklist forever - who wants to deal with an a-hole. Still, that method would at least be remotely legal. As it stands, lots of you have said it before but I'll repeat it - erasing private data is a crime, period.

Ah, on the topic of cost of software. The interesting thing is that software market is NO MARKET AT ALL! To be a market, one has to be provided with choices of a product doing substantially similar things with prices set by supply and demand and some competition to boot.Often in software there is no choice - there is one product doing one thing and sold at a fixed price set by developers. When there is a true choice of products, prices still don't seem to be set by the market. Rather, developers randomly set the price and users excercise their market power by pirating (i.e. leveragint their fear of illegal action or acting immorally vs. the cost being too high for functionality provided.) Want to reduce pirating - auction your software. The real price will be found very soon, but it will very likely be a lot lower then $20 most seem to be asking for. BTW, $20 is an astronomical price for all but the most complicated software packages geared for ahome user. I would bet that market set prices would be somwhere between 5 cents and 2$.

There was a bug in the vBuild component of InstallShield last summer which could result in an accidental `rm -rf ~`. After being bitten by it once (fortunately I noticed the disk activity before it deleted anything for which I didn't have backups), I helped to track down the problem; apparently at one point there was a "mkdir/cachedir; cd/cachedir; rm -rf *" (or rather, the equivalent in C) and they never checked the return codes of the first two operations.

So, to everyone who is asking "what if he made a mistake?": Mistakes can result in data loss even if you don't intend to delete anyone's data.

The best anti-piracy serial number solution I've seen was one (I can't remember the program) that, when you entered a known pirated serial number, it said "You just entered a pirated serial number. I know I can't stop you, but I can sure make you feel guilty. You can use the program now withouth the nagging now, you cheap bastard" (Or similar, it's been a while.)

It worked. I decided to delete the program until I could convince work to buy it for me. (New job, so the copy stayed with them.) I've never looked at pirating serial numbers the same since. I try hard to get work to buy the smaller software companies stuff that I use, or I delete it, or look for freeware so at least I'm being cheap but without the guilt.

Software developers that have a problem with piracy are making an incorrect assumption. And that is that anything other than a small fraction of their user base is willing to pay.
They are, incorrectly, looking at the number of downloads, comparing that to the number of sales, and are seeing the difference as losses.
They are not.
I personally would never pay for Echelon. I may download it and use it if free, but if I had to pay for it, then it drops below my radar of things-I-want-to-do. Or, some other developer has a 30 day trial I can use.
The point is, some random small shareware app very rarely does something Im willing to consider paying money for. 90% of things like echelon I download Ill run once, think "thats cute" then totally forget about. Im not willing to spend $10 or more a time simply because Im curious about something.
Sheesh, Why these software authros think that their tool is going to become an indispensible part of my life such that I need to pay for it. Crikey.
Anyway, if shareware authors stopped lamentin gthe rampant "piracy", which is users of their software who would never buy it anyway, and concentrated instead on expanding the base of paying users, then they just might get somewhere.

Hang on a second. Wasn't Echelon that program that allowed you to do things like rip DVDs and convert video formats? So, you've got a dev who's bitching about people pirating his software when he's writing something specifically designed for pirating movies.

I'm sure Echelon had legitimate uses (yeah, right) but how many of us can say that we use programs like this in order to convert our holiday movies from mpg to avi, and *never* rip a DVD?

Yeah, damn right. His program was aimed at taking DivX and MPG movies in commonly downloaded formats, and turning them into DVDs.

So, he wrote a program whose main audience was people who violate copyright, and was then surprised to find people pirating his software? Oh, cry me a river.

I feel the same way about people who write shareware "file sharing" applications, and then act all irate when we share the registration codes for those applications. If you don't want your work to be ripped off, it'd help if you didn't go out of your way to assist people in ripping off the work of others. I've registered fifteen pieces of shareware, but I'm sure as hell not registering "file sharing" software.

Plus, the "meat" of his software was apparently GPLed projects such as ffmpeg anyway...

I'm an independent car manufacturer. The cars I build are licensed to be driven only by the purchaser. Sort of like the airline industry selling non-transferable, non-refundable tickets. Recently I have been losing money to transporation pirates who loan their cars to friends. They keep defeating whatever user-identifying technology I build into the cars. Based on one new car purchase per unauthorized transport, I estimate that I lose $400 billion annually to these pirates.

I've already bribed Orrin Hatch to make it illegal to drive somebody else's car. I even got Congress to spend billions of taxpayer dollars to install anti-piracy, I mean anti-terrorism cameras on every freeway overpass, to photograph people driving other people's cars, in case they're terrorists. Transportation pirates soon discovered they could simply wear a paper mask of the car owner's face. Some driver-id protestors even wear opaque, featureless masks when they drive their own cars. I've tried randomly suing people, but the shock value wore off pretty quickly and I barely recovered my legal costs. But at least I proved that I'm right.

Accepting that my business model doesn't work in today's world and going into another line of business is not an option. I don't want to face reality, I want to change the world to be the way I want it to be, regardless of the side effects. I also want everybody to be on my side and admit that I'm right. What should I do?

I would probably tend to be one to side with the "crackers deserve what they get" folks, being that I always pay for my software and don't like the fact that folks take stealing software so lightly. However, about a year ago I had installed some shareware that was somewhat crippled until a valid license key was entered. A friend of mine took the liberty of going to a warez site, finding a key for the software and entered that key. He did not ask me nor did he tell me he had activated the software. I found out when I came back from the bathroom. Had that software deleted my entire home directory, I would have been seriously ticked at my friend and the author of the software. I might have been ticked enough to talk to a lawyer.

The one point this guy makes is that piracy does hurt the small niche programmer.

I have always been amazed that the large companies probably get a big benefit from releasing their software into world... people learn to use and depend on it... and eventually as the rep gets better, then sales improved.

However, I have no doubt that piracy has really hurt programmers like this guy. He reports a 30% decrease in sells. I can understand why he is so desperate.

Do two wrongs make a right?

If you know a kid is going to steal a coke, is it okay to put poision in that coke?

I don't know what is morally right or wrong, but I can understand why this guy is so worried.

If you know a kid is going to steal a coke, is it okay to put poision in that coke?

I think a better analogy is: if you know a kid is going to steal a coke, is it okay to put laxatives in that coke, along with a sign on the coke saying "if you didn't pay for this it has laxatives in it"?

I can guess how the majority of this discussion will go, so I just have one question. Why do people always try to apply the ideas of OSS to commercial software? It's like people get so used to being able to download anything they want for free that they for some reason take that set of principles and apply it to software they weren't given permission to download without paying for. That's completely the opposite of the free spirit of OSS, which is that someone is purposely giving away their effort of their own volition, and you can contribute back to it for the good of the community. Pirating doesn't contribute anything except lost sales for the people who make a living and feed their families. It's not free advertising, it's not try-before-you-buy (that's what demos are for), it is nothing more than people not wanting to pay for something. Same thing with MP3 piracy, movie piracy, etc.

This may be a troll, but I'll bite.
Just because something is in writing, doesn't mean it's legit or legal!
I could put a clause in my EULA saying "If you read this, I can take all your money and all your children's money", but that doesn't make it legal or enforceable.

No, that is not true. A license cannot violate the laws of your country, and in the U.S. a license cannot take away any of your constitutional rights.

A provision in a license does not give someone superpowers over you. The only remedy legally available to software distributors/makers/developers that have users who are breaking the terms of the license is: termination of the license. There is no way to legally destroy files on a user's machine no matter what they have done to you.